Savannah Administration - News
[download] SFTP disabled
Item posted by Ineiev <ineiev> on Mon 27 Nov 2023 11:00:33 AM UTC.
Recently, we discovered a vulnerability in our SFTP setup, and couldn't fix it otherwise than completely disabling SFTP. This affects uploading files to the download host, namely, the download area and audio-video.gnu.org.
The files still can be uploaded using SCP. What SCP can't do is removing erroneously uploaded files. Before enabling SFTP back in 2022, Savannah admins removed such files manually on request, but these days, we added restricted commands, rm and rmdir, that can be run via SSH to that end. For specific examples, please check Savannah documentation on uploading files.
Sorry for the inconvenience, and thank you for your work on free software!
Powered by Savane 3.14-25bf.
Corresponding source code